At a glance
By Nigel Bowen
Businesses across the globe are estimated to have collectively lost US$6 trillion (A$8.3 trillion) to cyber villains in 2021 alone. Much of that money was purloined from financial institutions staffed by educated, intelligent and conscientious individuals.
Test your knowledge to see if you’re on top of the latest in cyber defence.
1. You’ve just landed a senior management position or a board role. In relation to cybersecurity, what should you concentrate on first?
- Understanding your legal and regulatory obligations, because there is a growing trend toward holding company directors liable for cybersecurity breaches.
- Familiarising yourself with the organisation’s inventory of data, because it will be difficult to participate in cybersecurity discussions if you are unsure about what data your organisation needs to store safely.
- Working out what kind of risk environment the organisation is operating in.
- All of the above.
2. What type of cyber scam has become more common due to the rise of remote working?
- Business email compromise, which typically involves cybercriminals either hacking into, or replicating, the email accounts of a CEO or CFO, and then directing more junior employees to transfer funds into an account controlled by the criminal.
- E-card greeting scams, which infect computers with malicious software when people click on a link purporting to be from a legitimate e-card site.
- Scam letters with elaborate back stories that lead up to requests for large cross-border money transfers.
3. What can business leaders do to address the rapidly growing threat of supply chain cyberattacks?
- Invest in hardening edge equipment, patching operating systems, enabling several layers of malware protection and conducting regular testing.
- Implement a zero-trust access model.
- Threaten legal action against third-party providers if they do anything to compromise their business’s data.
4. What is a major cybersecurity threat that you should be worried about but probably haven’t given much thought to?
- Climate change driving great white sharks to start chewing through the undersea cables that allow data to whiz around the world.
- A long-term internet outage caused by a war that could abruptly catapult the world back to the pre-digital era for weeks or even months.
- A solar storm seriously damaging the world’s telecommunication infrastructure.
5. If they are not from a tech background themselves, how can a business leader ensure their IT team is keeping pace with a complex, fast-moving threat environment?
- Get a third-party firm to conduct regular penetration testing and provide reports highlighting any system vulnerabilities.
- Ensure that the organisation’s IT team is solely responsible for addressing potential cyber risks and creating a cyber safe environment.
- Establish a Chief Cybersecurity Officer role that is tasked with overseeing the organisation’s cybersecurity function.
6. On average, how long does it take a company to realise its cyber defences have been breached, and how long does it take to contain that breach?
- 1.97 hours to discover a breach and 69 seconds to contain it.
- 19.7 days to discover a breach and 6.9 days to contain it.
- 197 days to discover a breach and 69 days to contain it.
7. If your business is going to outsource cybersecurity incident response to an outside firm, what three core things should that firm always provide?
- A 24/7 customer service line, multilingual staff and centrally located offices.
- Immersive training facilities, the ability to outsource capabilities when required and the ability to perform mapping of post-breach remediation implementations.
- A great monitoring system, a well-designed app and their own data centre.
8. What are the most cybersecurity-conscious companies doing to mitigate the threat posed by malicious or negligent staff?
- Mandating that all employees complete an online cybersecurity training course.
- Requiring employees to work from the corporate office wherever possible.
- Conducting rigorous security vetting, including digital footprint checks on all potential new employees, as well as checking in regularly with all staff to determine whether life events, such as a bereavement or financial hardship, have increased the risk of them acting carelessly or criminally.
9. What is likely to be the most significant cybersecurity challenge facing business leaders for the rest of the decade?
- Attracting and retaining tech talent in general and cybersecurity specialists in particular, because the acceleration of digital transformation means private businesses and public sector agencies across the globe are desperate for digitally savvy workers.
- Hackers gaining access to powerful artificial intelligence (AI) tools that allow them to engage in sophisticated automated attacks.
- The emergence of “cloud pirates” who will work out ways to hijack software running on the internet.
10. How is blockchain technology affecting cybersecurity?
- Allowing executives to form a blockchain (i.e., a peer-to-peer network), which then allows those executives to do things such as collectively verify the authenticity of data before it is stored in the company’s database.
- Companies that invested in Bitcoin before its value skyrocketed can now sell it and invest the money in buying cutting-edge cybersecurity solutions.
- Allowing most cybersecurity businesses to begin accepting payment in Dogecoin.
11. What cybersecurity challenges will 5G and the Internet of Things (IoT) pose for businesses?
- Hackers will be able to seize control of IoT-enabled appliances – coffee machines, pacemakers and vehicles – and wreak widespread havoc.
- It will make it easier to create botnets (i.e., networks of computers linked together by malware that criminals can control from anywhere in the world).
- Lots of devices communicating with lots of other devices will result in a much larger “attack surface” for hackers to target.
12. What can time-poor business leaders do to maintain “situational awareness” of emerging cybersecurity threats?
- Find out which government agency (e.g. the Australian Cyber Security Centre, New Zealand’s National Cyber Security Centre or Singapore’s Cyber Security Agency) is responsible for alerting businesses to new cyber scams and consult its website regularly.
- Take out a subscription to websites and publications that cover cybersecurity.
- Schedule a monthly meeting with the head of the IT team.
CYBER SECURITY RESOURCES AND SUPPORT
Australia's Digital Trust Report | AustCyber
Why Penetration Testing Is Important | Vaultes